A new phishing campaign is targeting members of the Financial
Industry Regulatory Authority (FINRA), with emails purporting to be from FINRA
officers. The goal is to obtain the members' user names and passwords for
Microsoft Office or SharePoint.
Hacking a network or a protected system is difficult, but
attackers have a much easier time when they hold real, valid login credentials. One
way to obtain such credentials is through data breaches, but a more
conventional method is spearphishing.
In the case of the FINRA phishing attack, members of the
organization are directly targeted with emails explicitly crafted for them,
imitating the name of the domain by using “broker-finra.org”, which
is not connected to FINRA.
“These emails have a source domain name ‘@broker-finra.org’
and request immediate attention to an attachment relating to your firm,”
says the FINRA advisory.
“In at least some cases, the emails do not actually include the
attachment, in which case they may be attempting to gain the recipient's trust
so that a follow-up email can be sent with an infected attachment or link, or a
request for confidential firm information.”
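One defensive check that follows directly from the advisory's description is to flag incoming mail whose sender domain contains the brand name but is not the brand's real domain, and mail whose display name claims the brand while the address belongs elsewhere. The script below is an added example, not code from FINRA, Bitdefender or the campaign; the legitimate-domain set and the four sample messages are constructed for illustration.

```python
"""Flag mail whose From header imitates a brand it does not belong to.

Added example, not FINRA's or Bitdefender's code. LEGIT_DOMAINS and the
sample messages are constructed for illustration only.
"""
import email
from email import policy
from email.utils import parseaddr

# Assumed legitimate domain(s) for the brand; in practice this comes from an allowlist.
LEGIT_DOMAINS = {"finra.org"}
BRAND = "finra"

# Constructed sample messages (headers plus a placeholder body).
SAMPLE_MESSAGES = [
    'From: "FINRA Officer" <officer@broker-finra.org>\n'
    'Subject: Immediate attention: attachment relating to your firm\n\nBody',
    'From: "FINRA Notices" <notices@finra.org>\nSubject: Weekly digest\n\nBody',
    'From: "FINRA Compliance" <help@example.net>\nSubject: Verify your SharePoint login\n\nBody',
    'From: "Alice" <alice@partner-firm.example>\nSubject: Lunch\n\nBody',
]


def parse_from(raw_message: str) -> tuple[str, str]:
    """Return (display_name, lowercased address domain) from the From header."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    return name, addr.rpartition("@")[2].lower()


def is_legit_domain(domain: str) -> bool:
    """True for the real domain or any subdomain of it (e.g. mail.finra.org)."""
    return domain in LEGIT_DOMAINS or any(domain.endswith("." + d) for d in LEGIT_DOMAINS)


def classify_sender(raw_message: str) -> str:
    """Return 'ok', 'lookalike-domain' or 'brand-in-display-name'."""
    name, domain = parse_from(raw_message)
    if is_legit_domain(domain):
        return "ok"
    if BRAND in domain:
        # Brand token inside a domain that is not the real one: "broker-finra.org".
        return "lookalike-domain"
    if BRAND in name.lower():
        # Display name claims the brand but the address belongs to another domain.
        return "brand-in-display-name"
    return "ok"


def classify_all(messages=SAMPLE_MESSAGES) -> list[tuple[str, str]]:
    """Classify every message, returning (sender_domain, verdict) pairs."""
    return [(parse_from(m)[1], classify_sender(m)) for m in messages]


if __name__ == "__main__":
    for domain, verdict in classify_all():
        print(f"{domain:25} {verdict}")
```

The check is deliberately string-based so it can run inside a mail gateway rule or a SIEM enrichment step; a production version would pull the allowlist from configuration and add homoglyph normalisation before the substring test.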
Some of these phishing emails might contain an attachment
that redirects people to a website where they are asked for Microsoft Office or
SharePoint passwords. Many companies use numerous Office 365 services, and,
with the right credentials, attackers can use those services to get a foothold.
FINRA advises anyone who entered their password to change
it immediately and notify the appropriate individuals in their firm. Employees
should also pay attention to incoming emails, verify if they come from known
contacts, and be wary of websites and other online resources that require them
to submit user names and passwords usually reserved for their organizations.
Targeted phishing campaigns are more common than you
might think. Just last week, Bitdefender identified a
new phishing campaign directed at the Standard Bank of South Africa,
with tens of thousands of emails sent in just one month.